14 Security breaches Worldwide - Week 35, 2019
Stay informed about the 14 security breaches worldwide that were identified and publicly reported during Week 35, 2019. Because breaches like these have a severe negative impact on any business, consider a security audit to prevent similar cases.
- Imperva suffered a major data breach recently affecting users of its Cloud Web Application Firewall (Incapsula).
- According to its CEO's post, hackers made off with customer API keys, SSL certificates and user passwords. Users should change their passwords, implement SSO logins and generate new SSL certs ASAP. Source: "Cybersecurity Firm Imperva Discloses Breach"
- An extensive research effort by Google into more than a dozen different iPhone exploits is described here.
- The exploits were delivered through watering hole attacks and used privilege escalation to penetrate various parts of the phone's operating system and browser code. They include a zero day that Apple patched in February with iOS v12.1.4. Source: "A very deep dive into iOS Exploit chains found in the wild"
- Newly-registered domain names are often a red flag, indicating bad actors ahead.
- This post takes a deep dive into how these domains are used to compromise your networks, and finds that the vast majority of them are used as command sites for malicious purposes. Many of these domains are only alive for a few hours or days and disappear before researchers have found them. Source: "Newly Registered Domains: Malicious Abuse by Bad Actors"
- Researchers have found a new campaign using Trickbot to steal cellphone PIN codes of three American providers.
- The malware injects a phishing form requesting the PIN; users should be on the lookout, as this could lead to additional fraudulent use of your cell account. The long-running botnet added functionality to solicit PIN codes from mobile customers, which could allow threat actors to access victims' voice and text communications. Source: "TrickBot Modifications Target U.S. Mobile Users"
- The upcoming Moscow city election’s blockchain-based voting system had a major bug.
- A French researcher netted a $15,000 prize for finding bugs in Moscow's Ethereum-based voting system. The issue isn't blockchain but the choice of inadequate encryption key sizes. Election authorities promise a fix before the election is held. Source: "Moscow's blockchain voting system cracked a month before election"
- Phishing is getting more sophisticated, according to this new research about the Heatstroke campaign.
- Attackers have combined the use of private emails with steganography techniques to make their lures appear more genuine. This campaign has been seen more frequently, according to these researchers. Source: "'Heatstroke' Campaign Uses Multistage Phishing Attack to Steal PayPal and Credit Card Information"
- Radio Balouch is the first known spyware using AhMyth open-source malware to circumvent the Google Play Store’s app-vetting process.
- The app actually does stream music, but also steals data from users' phones. Google has taken it down more than once, which means Google needs more careful screening tools. Source: "First-of-its-kind spyware sneaks into Google Play" (ESET analysis of the first known spyware that is built on the AhMyth open-source espionage tool and has appeared on Google Play twice)

The remaining security breaches also made news headlines. All of these happened just last week.
- Web hosting vendor Hostinger has reset all of its user passwords after a breach.
- The company warned that a third party had gained unauthorized API access to usernames, emails, hashed passwords, first names and IP addresses, but no financial data. The company has 14 million customers but didn't divulge the exact number who were affected. Source: "Security Incident: What You Need To Know"
- An open Elasticsearch database contained more than 1 million users of the adult website Luscious.
- The data contained usernames, email addresses, locations, activity logs, and genders. Users were located all over the world, and the server was finally secured after notification. The leak could be used to dox or compromise these users, given the nature of the content. Source: "Report: Data Breach in Adult Site Compromises Privacy of All Users"
- Numerous WordPress plugins have been found to maliciously reroute traffic to criminal websites.
- At least five plugins by NicDark are involved and can be used to alter JavaScript code to allow unauthenticated logins. Users should be vigilant and update all plugins frequently. Source: "Malicious WordPress Redirect Campaign Attacking Several Plugins"
- This post dives into the dark world of carding shops.
- These are repositories of stolen credit card numbers, and researchers paint a dismal picture of how they operate, the two different kinds of data collected (the card numbers and information from the magnetic strips on the cards), and how they provide search tools for criminal customers. Understanding their operation can be helpful for defenders. Source: "Navigating Card Shops Data Essential for Fraud, Security Teams"
- Google has a post describing how it is trying to build a better and more private web that will still serve its advertisers’ needs.
- It is a delicate balance to be sure, especially after this post about what the company doesn't know about us. To this end, they have announced a "privacy sandbox" that will obviate the need to block cookies wholesale and provide more nuanced solutions. Source: "Potential uses for the Privacy Sandbox"
- This post explains the vulnerability in Apple's iMessage tracked as CVE-2019-8646.
- The issue is that Apple’s iMessage can leak data with the right collection of commands so that files from an iPhone can be read remotely by an attacker. The bug was fixed with a patch last month and users should ensure that their phones are updated. It is a good example of how the large number of classes available for NSKeyedArchiver deserialization can make a bug more versatile.
- Researchers have discovered a new phishing campaign that uses the Adwind malware.
- This malware is one of the more popular Java-based remote access Trojans. It can be used to collect keystrokes, take screenshots and steal passwords. Malicious phony PDFs (which are really Java files) are used in the attack, which is targeting electric utilities around the world. Source: "New Phishing Campaign Bypasses Microsoft ATP to Deliver Adwind to Utilities Industry"
- This post describes the Neutrino malware.
- It attacks PHP servers and injects malicious scripts into phpMyAdmin. When it succeeds in gaining entry, it lies in wait until activated by the attacker to download additional components to run cryptominers and infect additional computers across the network. Source: "Finding Neutrino"